
Achieving right-sized connectivity

Michael Vallas at Goldilock Secure explores cyber-security’s overconnectivity problem


For the last two decades, the direction of travel has been to connect everything, adding more remote access, more APIs and ever more integration across more networks. As organisations look to the year ahead, many are being forced to confront the big downside of that overconnectivity - the enormous attack surface and blast radius when things do go wrong. 

 

The next step in cyber-security maturity is right-sized connectivity, where organisations focus on connecting systems only as much as their function truly requires, no more, no less. That means reintroducing hard boundaries and firebreaks inside networks, particularly around crown jewels and safety-critical systems. Air-gapping and logical micro-segmentation (e.g. firewalls) have helped us down the road to this outcome, but both still ultimately rely on software and identity and access controls that attackers increasingly know how to bypass. 

 

Looking ahead, this is why now is the time to pair logical controls with technologies that can physically cut connectivity on demand. 

 

The overconnectivity problem

Hyper‑connectivity has produced complex, unwieldy tech stacks and networks. When a new vulnerability or threat appears, many organisations respond by adding another tool, patch or integration. While each of these might address a specific risk, the end result is often a fragmented security posture full of blind spots, where complexity begins to undermine security. 

 

This challenge is compounded by adversaries using automation and AI-powered threats with the ability to think, spread and adapt without human input. In that context, software-only defences - no matter how advanced - still depend on the very systems that are being attacked. Of course, firewalls and endpoint security still have their place in any layered defence, but trying to fix software weaknesses with more software is never going to guarantee safety.

 

The UK Government’s Cyber Action Plan and threats like the recent wave of DoS attacks against local government and UK CNI operators have highlighted once again the need for more resilient public services. Now, the ability to quickly react to fast-moving cyber-threats has become foundational for both public and private organisations. That’s why physical resilience and the ability to decisively contain a breach when software defences are under pressure is becoming so essential to robust security today.

 

Rethinking what needs to be online

When organisations strip cyber-security back to its core principles (clarity, control and isolation), they often achieve better protection than they would with any sprawling software stack. This isn’t an argument for abandoning digital defences, but for anchoring resilience in controls that remain effective even when software has been compromised.

 

A fundamental question sits at the heart of this approach - how much of your infrastructure truly needs to be online? In a hyperconnected world, we’ve defaulted to keeping everything on, all the time. But always-on equals always-vulnerable. If certain data, systems or backups don’t need constant internet access, why expose them?

 

Physical isolation simplifies risk to a simple, binary choice: systems are either connected or they are not. In the year ahead, as threats continue to evolve and surge in frequency, more organisations are combining logical controls with hardware‑enforced network isolation - technologies that allow servers, storage or network segments to be physically disconnected and reconnected on demand using secure, non-IP, out-of-band commands that will never rely on a compromised network.

 

The case for controllable physical segmentation

By selectively disconnecting key assets at the right time and in the right places, you can gain total control of your business’ security. The key to modern deployment of this firebreak method lies in that control and being able to isolate systems instantly but also reconnect them - either automatically or at the touch of a button - so that attack surfaces are reduced without negatively affecting operations.

 

Even when a breach does happen, being able to physically control the containment of a threat by creating a clean physical break becomes an invaluable tool – whether for the security team, the CEO or the board. By isolating systems at the hardware level, rather than relying on firewalls or virtual LANs, organisations can stop lateral movement, protect their critical assets and dramatically reduce the blast radius of an attack within milliseconds. Investigation and reporting become a lot easier, and any downtime of operations is effectively minimised.

 

Being able to place that cloak of invisibility over parts of your network revolutionises control over cyber-security, especially in high-stakes environments such as public services, data centres and financial institutions, where resilience expectations are only increasing and where downtime carries severe operational, financial or regulatory consequences.

 

Firebreaks protect fortresses

The goal isn’t to go back to a world of isolated, air-gapped islands everywhere. As organisations plan for the year ahead, the focus is shifting to gaining physical control of network security and connectivity by putting deliberate, well-placed firebreaks into modern, interconnected networks so that attack surfaces are always as small as possible and so that a breach becomes a containable incident, not a company-wide crisis.

 

Think of it the way civil engineers think about fire safety. Buildings aren’t designed to be completely fireproof. They’re designed to limit the spread of a fire. Fire doors and other shut-off mechanisms keep fires confined to specific areas to stop them from spreading. Cyber-security needs to follow the same philosophy at the infrastructure level as threats continue to intensify. 

 

The regularity with which breaches are hitting the headlines is contributing to a growing apathy towards cyber-security. At this point, many seem to think breaches are just an inevitable part of life and doing business. This is even reflected in cyber-security insurance premiums right now.

 

What will increasingly differentiate organisations in the months ahead is how well they are prepared to block and contain threats at a network level. By right-sizing connectivity and enabling systems to be fully disconnected the moment risk is detected, organisations can dramatically reduce their threat exposure as well as the impact of a successful attack. A single compromised system no longer brings the business to a halt. Ransomware can’t jump from system to system. Incidents can be easily isolated and recovered from.

 

For businesses concerned that emerging technologies will supercharge cyber-attacks, the priority is putting the right systems and response strategies in place before an attack occurs, at best stopping it from happening and at worst allowing the business to continue operating or get back up and running in as little time as possible if it does. Budgets, architectures, and vendor relationships may already be in place, but resilience demands adaptation, and adaptation starts with accepting that not everything needs to be connected all the time.

 


 

Michael Vallas is Global Technical Principal at Goldilock Secure

 

Main image courtesy of iStockPhoto.com and NicoElNino


© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543